Ensure Inactive Users Are Not Assigned as Catalog Item Owners #169

Closed
3 changes: 3 additions & 0 deletions README.md
Expand Up @@ -12,6 +12,9 @@ Open-Sourced community contributed and owned repository for Instance Scan Defini

## Category: Manageability

### Ensure Inactive Users Are Not Assigned as Catalog Item Owners
Ensure inactive users are not assigned as catalog item owners, maintaining accountability and system accuracy. Regular instance checks should validate active ownership for all catalog items.

### Avoid using javascript "document" object in Portal
Always avoid using native js "document" object for DOM manipulation in service portal. Instead we should use AngularJS equivalent capabilities to achieve the same.

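Review bot: The README entry added under "Category: Manageability" documents only the catalog item owner check, while the other files in this change add checks for notifications, catalog tasks, approvals, gs.log() usage and ATF. Either add a README entry for each of those or move the unrelated checks into their own pull requests. The entry could also state what the check actually queries, which is `sc_cat_item` records matching `owner.active=false`.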
2 changes: 1 addition & 1 deletion ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt
@@ -1 +1 @@
vdzK57T2bhYH4R3tr5_N6r8DKdLmhtc5_AMSqsrGL2lDDQtzZxnmirx38up8Jm2-CI3CDMpa7Udq0cV06a0WfIeCBFsws8y-joYHTxiD-lAbbpy7LKyBy-szR_kO4mFszdz7Kikp9bbMUwWTIPbtRQzbapfu6HH7iEFepuUdA9SOlwPJAAaBRxCUQeo8Hg9Hxb7ubHmvx87l7IwoGN2ezq07g2EMDh3wkpLdXVXdMoPd-Hf9g8X-V4ENLaGI-5wQnvXgX_w_shWoupz_WdTA3ir94Eh3Nu2jiM29wNQDNrlsTvslryId4vq8M8ME13Vi7UpuHw6Ec-ooT6OXdBMkvgsVAtCARdy79UbAgT_p9E3KL3rbJPozp-7I8wOf3n1WETwJkDsAUMzBp3LWF8_BqfxFeYFCEQV3l3xC8ic2ZQn_98i9fpgURFU9Ec2BEGbbMfpm7KehrFl0bNOVDTDEWIETdt80lvfR1i0-8Yk1vHWvLdB94dHoPw1a77oWht1HxEMkNzE1m38ANVQVZq2-pbVdIiAYCLeRBdd5i_LrNLpF7iCHBpAawuxX5BQIVKBW3WNTPhWUdV9_a1_394CDBmYswn8XiQSx0Vi0hfjuuMp9J9sQxOVVq2MFyWZiDvhIX2CJutq8xn27shQc7Y5xeZN5SVosFrv3irWYkzJuKoU
r_d-cQn06Ca0XNT0eKPvX4wYE-_d3YLOvl_lEIGmvwqx3-5mVhsFFy1zMyFDjeIl4E1dh3ecF36UaB8UB_8D9lk2eEI4rdVDPBdBSwM_SoFuVjuqOj6coD5GLBV6bYc-gWmJaf-hLtfTyTM4bSnign7rYJzEZoqx_8hccnUZ0_VJ3TfqyyF3YMHWiuzZeJlBCwqDAi_fOJ3GBo1sZU_uq5cZD3j9aUPkcpE6CInss4m4KyMobPRTOcJdZT-2rCz1ARK8ZlphIA44YWYQOwY5I_blZgjNcSNq2VNAxY-80cZBHHDPcz3exSOGUNkF50kj6ZrTy-BSRtBJTgTMV5c_n5VLnrqy5VwMRuKKf_VsqSg1Y5te0kvSZK3DNq5MoMTwr2vHV3ljlvgT34nAX1orZkBbP1Gk66YOFNwESISJpS7INLwQpZiznS6DirCFiYPQuF4pCCySGfO2j4GAXaWuEo8gSQcgBRi1ILyc2FGba-2ky6qvZ5RwRSbbEKcaU1RQzAQ2ftxFUq89ecr3VIoF5bntDlNcbIcROtHFAOSzCNGs0hXtunCdXa6huGeEaeCzD8YwIprTr4j_DESQGMxXJUfwigp2T_CP8un-HpcYdx8RPMICvSixojJ7p7hu0KKLScdPxAcgFKyhyxwgjM9CUemi9votsifb9DnVulS424I
@@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_script_only_check">
<scan_script_only_check action="INSERT_OR_UPDATE">
<active>true</active>
<category>upgradability</category>
<description>Use Logging Levels: Instead of gs.log(), consider using more appropriate logging levels, such as:&#13;
gs.info() for informational messages.&#13;
gs.warn() for warnings that don’t break functionality but may need attention.&#13;
gs.error() for logging errors that require investigation.</description>
<documentation_url/>
<finding_type>scan_finding</finding_type>
<name>Avoid usage of gs.log()</name>
<priority>3</priority>
<resolution_details/>
<run_condition/>
<score_max>100</score_max>
<score_min>0</score_min>
<score_scale>1</score_scale>
<script><![CDATA[(function (finding, columnValue) {
var matches = columnValue.match(/gs\.log\s*\(/g);

if (matches) {
matches.forEach(function(element) {
finding.increment();
});
}
})(finding, columnValue);]]></script>
<short_description>Avoid usage of gs.log() in prod</short_description>
<sys_class_name>scan_script_only_check</sys_class_name>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2024-10-18 02:30:31</sys_created_on>
<sys_id>6b832a7953d1d61000b51901a0490e24</sys_id>
<sys_mod_count>0</sys_mod_count>
<sys_name>Avoid usage of gs.log()</sys_name>
<sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
<sys_policy/>
<sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
<sys_update_name>scan_script_only_check_6b832a7953d1d61000b51901a0490e24</sys_update_name>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2024-10-18 02:30:31</sys_updated_on>
</scan_script_only_check>
<sys_translated_text action="delete_multiple" query="documentkey=6b832a7953d1d61000b51901a0490e24"/>
<sys_es_latest_script action="INSERT_OR_UPDATE">
<id>6b832a7953d1d61000b51901a0490e24</id>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2024-10-18 02:30:31</sys_created_on>
<sys_id>07a5a23953d1d61000b51901a0490e95</sys_id>
<sys_mod_count>0</sys_mod_count>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2024-10-18 02:30:31</sys_updated_on>
<table>scan_script_only_check</table>
<use_es_latest>true</use_es_latest>
</sys_es_latest_script>
</record_update>
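Review bot: The script calls `columnValue.match(/gs\.log\s*\(/g)`, but the record is a `scan_script_only_check` and none of the visible fields name a table or column, so it is unclear what text `columnValue` holds or whether it is defined at all for this check type. Please confirm the check type, and guard against an empty value before calling `.match`. The metadata is also inconsistent with the script: `<short_description>` says "in prod" although nothing in the script tests for a production instance, `<category>` is `upgradability` for what the description presents as a logging-level recommendation, and `<resolution_details/>` is empty. The regex will also count occurrences inside comments, which is worth noting in the description if that is accepted.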
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
<scan_table_check action="INSERT_OR_UPDATE">
<active>true</active>
<advanced>false</advanced>
<category>manageability</category>
<conditions table="sysevent_email_action">active=false^EQ<item endquery="false" field="active" goto="false" newquery="false" operator="=" or="false" value="false"/>
<item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
</conditions>
<description/>
<documentation_url/>
<finding_type>scan_finding</finding_type>
<name>Inactive User Check : Notifications</name>
<priority>2</priority>
<resolution_details/>
<run_condition/>
<score_max>100</score_max>
<score_min>0</score_min>
<score_scale>1</score_scale>
<script><![CDATA[(function (engine) {

// Add your code here

})(engine);]]></script>
<short_description>Check Email recipient as inactive user</short_description>
<sys_class_name>scan_table_check</sys_class_name>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2024-10-20 18:27:05</sys_created_on>
<sys_id>09921c765351121000b51901a0490eec</sys_id>
<sys_mod_count>0</sys_mod_count>
<sys_name>Inactive User Check : Notifications</sys_name>
<sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
<sys_policy/>
<sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
<sys_update_name>scan_table_check_09921c765351121000b51901a0490eec</sys_update_name>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2024-10-20 18:27:05</sys_updated_on>
<table>sysevent_email_action</table>
<use_manifest>false</use_manifest>
</scan_table_check>
<sys_translated_text action="delete_multiple" query="documentkey=09921c765351121000b51901a0490eec"/>
</record_update>
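Review bot: The `<conditions table="sysevent_email_action">` query is `active=false`, which selects notifications that are themselves inactive, not notifications whose recipient is an inactive user as `<name>` and `<short_description>` claim. With `<advanced>false</advanced>` and the script left at the `// Add your code here` placeholder, nothing else narrows the result, so every disabled notification becomes a finding. The condition needs to test the recipient users' `active` flag instead, and `<description/>` and `<resolution_details/>` should be filled in so the finding tells the administrator what to change.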
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
<scan_table_check action="INSERT_OR_UPDATE">
<active>true</active>
<advanced>false</advanced>
<category>upgradability</category>
<conditions table="sc_cat_item">owner.active=false^EQ<item endquery="false" field="owner.active" goto="false" newquery="false" operator="=" or="false" value="false"/>
<item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
</conditions>
<description>We should ensure that inactive users are removed from being assigned as Catalog item owners</description>
<documentation_url/>
<finding_type>scan_finding</finding_type>
<name>Inactive User Check : Catalog Iem</name>
<priority>2</priority>
<resolution_details/>
<run_condition/>
<score_max>100</score_max>
<score_min>0</score_min>
<score_scale>1</score_scale>
<script><![CDATA[(function (engine) {

// Add your code here

})(engine);]]></script>
<short_description>Check Catalog Item owner is Active user</short_description>
<sys_class_name>scan_table_check</sys_class_name>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2024-10-20 17:30:07</sys_created_on>
<sys_id>25a5c4b65311121000b51901a0490e4f</sys_id>
<sys_mod_count>1</sys_mod_count>
<sys_name>Inactive User Check : Catalog Iem</sys_name>
<sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
<sys_policy/>
<sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
<sys_update_name>scan_table_check_25a5c4b65311121000b51901a0490e4f</sys_update_name>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2024-10-20 20:31:56</sys_updated_on>
<table>sc_cat_item</table>
<use_manifest>false</use_manifest>
</scan_table_check>
<sys_translated_text action="delete_multiple" query="documentkey=25a5c4b65311121000b51901a0490e4f"/>
</record_update>
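Review bot: This record duplicates the other `sc_cat_item` check in this change: same table, same `owner.active=false` condition, same description, different `sys_id` (`25a5c4b65311121000b51901a0490e4f` here). Shipping both produces two findings per catalog item. This copy also has the typo "Catalog Iem" in `<name>` and `<sys_name>` and is filed under `<category>upgradability</category>` while the README lists the check under Manageability, so this looks like the earlier draft; suggest dropping this file and keeping the "Catalog Item" record.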
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
<scan_table_check action="INSERT_OR_UPDATE">
<active>true</active>
<advanced>false</advanced>
<category>manageability</category>
<conditions table="sc_task">active=false^EQ<item endquery="false" field="active" goto="false" newquery="false" operator="=" or="false" value="false"/>
<item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
</conditions>
<description>Check any Catalog Tasks Assigned to Inactive User</description>
<documentation_url/>
<finding_type>scan_finding</finding_type>
<name>Inactive User Check : Cat Task assignment</name>
<priority>1</priority>
<resolution_details/>
<run_condition/>
<score_max>100</score_max>
<score_min>0</score_min>
<score_scale>1</score_scale>
<script><![CDATA[(function (engine) {

// Add your code here

})(engine);]]></script>
<short_description>Check any Catalog Tasks Assigned to Inactive User</short_description>
<sys_class_name>scan_table_check</sys_class_name>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2024-10-20 18:12:50</sys_created_on>
<sys_id>2fbf40be5311121000b51901a0490ea9</sys_id>
<sys_mod_count>0</sys_mod_count>
<sys_name>Inactive User Check : Cat Task assignment</sys_name>
<sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
<sys_policy/>
<sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
<sys_update_name>scan_table_check_2fbf40be5311121000b51901a0490ea9</sys_update_name>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2024-10-20 18:12:50</sys_updated_on>
<table>sc_task</table>
<use_manifest>false</use_manifest>
</scan_table_check>
<sys_translated_text action="delete_multiple" query="documentkey=2fbf40be5311121000b51901a0490ea9"/>
</record_update>
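Review bot: The `<conditions table="sc_task">` query is `active=false`, which matches catalog tasks that are closed or otherwise inactive, and never looks at who the task is assigned to. For the stated purpose ("Catalog Tasks Assigned to Inactive User") the condition should dot-walk to the assignee, for example `assigned_to.active=false`, and probably add `active=true` so only open tasks are reported. As written, at `<priority>1</priority>`, this will flag every completed catalog task on the instance. `<resolution_details/>` is also empty.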
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
<scan_table_check action="INSERT_OR_UPDATE">
<active>true</active>
<advanced>false</advanced>
<category>manageability</category>
<conditions table="sc_cat_item">owner.active=false^EQ<item endquery="false" field="owner.active" goto="false" newquery="false" operator="=" or="false" value="false"/>
<item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
</conditions>
<description>We should ensure that inactive users are removed from being assigned as Catalog item owners</description>
<documentation_url/>
<finding_type>scan_finding</finding_type>
<name>Inactive User Check : Catalog Item</name>
<priority>2</priority>
<resolution_details/>
<run_condition/>
<score_max>100</score_max>
<score_min>0</score_min>
<score_scale>1</score_scale>
<script><![CDATA[(function (engine) {

// Add your code here

})(engine);]]></script>
<short_description>Check Catalog Item owner is Active user</short_description>
<sys_class_name>scan_table_check</sys_class_name>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2024-10-30 01:46:25</sys_created_on>
<sys_id>3c0ec0355369de1000b51901a0490e46</sys_id>
<sys_mod_count>0</sys_mod_count>
<sys_name>Inactive User Check : Catalog Item</sys_name>
<sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
<sys_policy/>
<sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
<sys_update_name>scan_table_check_3c0ec0355369de1000b51901a0490e46</sys_update_name>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2024-10-30 01:46:25</sys_updated_on>
<table>sc_cat_item</table>
<use_manifest>false</use_manifest>
</scan_table_check>
<sys_translated_text action="delete_multiple" query="documentkey=3c0ec0355369de1000b51901a0490e46"/>
</record_update>
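Review bot: The `owner.active=false` condition in `<conditions table="sc_cat_item">` does not restrict on the catalog item's own `active` field, so retired catalog items owned by departed users will be reported alongside live ones. If the goal is accountability for items users can still order, consider `active=true^owner.active=false`. `<resolution_details/>` is empty; a short instruction such as reassigning the owner to an active user would make the finding actionable. Note that a second record in this change carries the same table and condition under the name "Catalog Iem"; only one of the two should be merged.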
@@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
<scan_table_check action="INSERT_OR_UPDATE">
<active>true</active>
<advanced>false</advanced>
<category>manageability</category>
<conditions table="sysapproval_approver">approver.active=false^EQ<item endquery="false" field="approver.active" goto="false" newquery="false" operator="=" or="false" value="false"/>
<item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
</conditions>
<description/>
<documentation_url/>
<finding_type>scan_finding</finding_type>
<name>Inactive User Check : Approvals</name>
<priority>2</priority>
<resolution_details/>
<run_condition/>
<score_max>100</score_max>
<score_min>0</score_min>
<score_scale>1</score_scale>
<script><![CDATA[(function (engine) {

// Add your code here

})(engine);]]></script>
<short_description>Address any approvals assigned to Inactiveuser</short_description>
<sys_class_name>scan_table_check</sys_class_name>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2024-10-20 18:38:13</sys_created_on>
<sys_id>5c061c765351121000b51901a0490ef8</sys_id>
<sys_mod_count>0</sys_mod_count>
<sys_name>Inactive User Check : Approvals</sys_name>
<sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
<sys_policy/>
<sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
<sys_update_name>scan_table_check_5c061c765351121000b51901a0490ef8</sys_update_name>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2024-10-20 18:38:13</sys_updated_on>
<table>sysapproval_approver</table>
<use_manifest>false</use_manifest>
</scan_table_check>
<sys_translated_text action="delete_multiple" query="documentkey=5c061c765351121000b51901a0490ef8"/>
</record_update>
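Review bot: The `approver.active=false` condition in `<conditions table="sysapproval_approver">` has no filter on approval state, so approvals that were already approved or rejected by a user who has since been deactivated are reported as findings, and that count only grows over time. Restricting the query to approvals still awaiting a decision would limit findings to records someone can act on. `<description/>` and `<resolution_details/>` are empty, and `<short_description>` has a typo ("Inactiveuser").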
@@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
<scan_table_check action="INSERT_OR_UPDATE">
<active>true</active>
<advanced>true</advanced>
<category>manageability</category>
<conditions table="sys_properties">name=sn_atf.runner^value=false^EQ<item endquery="false" field="name" goto="false" newquery="false" operator="=" or="false" value="sn_atf.runner"/>
<item endquery="false" field="value" goto="false" newquery="false" operator="=" or="false" value="false"/>
<item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
</conditions>
<description/>
<documentation_url/>
<finding_type>scan_finding</finding_type>
<name>ATF usage instance</name>
<priority>2</priority>
<resolution_details/>
<run_condition/>
<score_max>100</score_max>
<score_min>0</score_min>
<score_scale>1</score_scale>
<script><![CDATA[(function (finding, current) {
// Checks if we are in a non-production instance
if (gs.getProperty("glide.installation.production") === "false")
finding.increment();

})(finding, current);]]></script>
<short_description>Checking ATFs are using in Non production instances.</short_description>
<sys_class_name>scan_table_check</sys_class_name>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2024-10-16 14:19:07</sys_created_on>
<sys_id>6f14fe555359161000b51901a0490ef9</sys_id>
<sys_mod_count>0</sys_mod_count>
<sys_name>ATF usage instance</sys_name>
<sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
<sys_policy/>
<sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
<sys_update_name>scan_table_check_6f14fe555359161000b51901a0490ef9</sys_update_name>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2024-10-16 14:19:07</sys_updated_on>
<table>sys_properties</table>
<use_manifest>false</use_manifest>
</scan_table_check>
<sys_translated_text action="delete_multiple" query="documentkey=6f14fe555359161000b51901a0490ef9"/>
<sys_es_latest_script action="INSERT_OR_UPDATE">
<id>6f14fe555359161000b51901a0490ef9</id>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2024-10-16 14:19:06</sys_created_on>
<sys_id>57a4ba915359161000b51901a0490e13</sys_id>
<sys_mod_count>0</sys_mod_count>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2024-10-16 14:19:06</sys_updated_on>
<table>scan_table_check</table>
<use_es_latest>true</use_es_latest>
</sys_es_latest_script>
</record_update>
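Review bot: The script's `gs.getProperty("glide.installation.production") === "false"` test produces no finding when the property is unset or holds any other value, so the check passes silently on instances where production status was never configured. Combined with the condition `name=sn_atf.runner^value=false`, the check fires only when the runner property is false on a non-production instance, but `<description/>` is empty and `<short_description>` ("Checking ATFs are using in Non production instances.") does not say whether that state is the problem or the expectation. Please state the intent in `<description>`, decide how a missing property should be treated, and drop the unused `current` parameter if it is not needed. This check is also unrelated to the inactive-user scope in the pull request title.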